<?php
include 'connect.php';
include 'header.php';


if($_SERVER['REQUEST_METHOD'] != 'POST')
{

}
else
{

	$errors = array(); /* declare the array for later use */
	
	if(isset($_POST['user_name']) && $_POST['user_name']!="")
	{
		//the user name exists
		if(!ctype_alnum($_POST['user_name']))
		{
			$errors[] = 'Login może zawierać jedynie znaki i cyfry.';
		}
		if(strlen($_POST['user_name']) > 30)
		{
			$errors[] = 'Login nie może być dłuższy niż 30 znaków.';
		}
	}
	else
	{
		$errors[] = 'Brak loginu.';
	}


	
	if(isset($_POST['user_pass']) && $_POST['user_pass']!="")
	{
		if($_POST['user_pass'] != $_POST['user_pass_check'])
		{
			$errors[] = 'The two passwords did not match.';
		}
	}
	else
	{
		$errors[] = 'Brak hasła.';
	}
	
	if(!empty($errors)) /*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
	{
		$smarty->assign('errors', $errors);


	}
	else
	{
		//the form has been posted without, so save it
		//notice the use of mysql_real_escape_string, keep everything safe!
		//also notice the sha1 function which hashes the password
		$sql = "INSERT INTO
					users(user_name, user_pass, user_email ,user_date, user_level)
				VALUES('" . mysql_real_escape_string($_POST['user_name']) . "',
					   '" . sha1($_POST['user_pass']) . "',
					   '" . mysql_real_escape_string($_POST['user_email']) . "',
						NOW(),
						0)";
						
		$result = mysql_query($sql);
		if(!$result)
		{

            $smarty->assign('signupResult', 'Błąd. Spróbuj później.');

		}
		else
		{
            $smarty->assign('signupResult', 'Rejestracja pomyślnie zakończona. <a href="signin.php">Zaloguj</a> :-)');
		}
	}
}

$smarty->display('signup.tpl');
?>
